Cyber Security support to the HumanDrive Project, 13th Dec 2018 - PowerPoint PPT Presentation


Cyber Security support to the HumanDrive Project, 13th Dec 2018. Luigi Bisbiglia, Business Development Manager, SBD Automotive Ltd. ‘Grand Drive’ will be an end-to-end journey of around 200 miles


SLIDE 1

13th Dec 2018

Cyber Security support to the HumanDrive Project

Luigi Bisbiglia

SBD Automotive Ltd

Business Development Manager

SLIDE 2

Autumn

  • ‘Grand Drive’ will be an end-to-end journey of around 200 miles including Motorway, A-Road and Country Road driving

  • Using Machine Learning and AI to provide human-like control
  • Research into human driving behaviour using physical vehicles and simulator
  • Transport Systems Catapult and Horiba MIRA responsible for the Safety Work Package
  • Cyber Security covered by a separate Work Package
SLIDE 3

SBD’s Cyber Support Package

  • Analysis of public hacks
  • New product and technology tracking
  • New standards and guidelines
  • Competitor activity
  • Knowledge sharing
  • Threat modelling for security requirements and design reviews
  • Penetration testing
  • Risk assessment (analysis of results, remediation and risk rating)

  • Objective setting
  • Design process improvement
  • Cyber roadmap
  • Incident response planning
  • Training
  • Supplier evaluation

Intelligence Strategy Evaluation

SLIDE 4

SAE Definitions

SLIDE 5

Implementation Trends

SAE Levels Key in-car architecture characteristics

Level 0 “Legacy architecture”

  • Piecemeal implementation
  • Very few ADAS available, each developed as a stand-alone solution
  • No sensor fusion (sensor hardwired to ECU, not networked) and no actuators involved
  • Mainly CAN technology

Level 1 “Carry-over architecture”

  • Piecemeal implementation
  • A few stand-alone ADAS
  • When there is actuation (e.g. braking), the ADAS ECU is usually on the same network as the actuator
  • Mainly CAN technology

Level 2 “Primitive ADAS architecture”

  • Dedicated ADAS network
  • Primitive / localised sensor fusion taking place (front sensing with rear facing). Some sensors are networked
  • FlexRay technology introduced
  • Ethernet used for 360 all round view
  • Some features communicate with key fob / smartphone

Level 3 “Semi autonomous architecture”

  • Dedicated ADAS domain to support sensor fusion on a much larger scale
  • Sensor fusion partitioned in domains
  • GPS / map data becomes a sensor that needs regular update
  • Communication with key fob / smartphone
  • FlexRay and Ethernet standard

Level 4 “Full autonomous architecture”

  • Dedicated ADAS domain to support full sensor fusion (Forward, Rear, All Around)
  • GPS / map data need near “real-time” update & high definition
  • Communicate with key fob / smartphone
  • OTA download and connected services (including Artificial intelligence)
  • FlexRay and Ethernet standard

Level 5 “Driverless architecture”

  • Same as for level 4 but with more sensors to accommodate all types of road, weather and lighting environment.
SLIDE 6

Layer 3 and above layers architecture

SLIDE 7

Representative Electrical Architecture

SLIDE 8

STRIDE

STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is a threat modelling approach developed by Microsoft and it is currently considered the most applicable method for the automotive industry because it:

  • Is a threat centric approach
  • Provides a structured approach to categorising threats
  • Enables direct mapping to the system’s elements and security attributes

  • S - Spoofing User Identity: Attempt to gain access to a system by using a false identity
  • T - Tampering with Data: Unauthorised modification of data
  • R - Repudiation: Ability of users to deny that they performed specific actions
  • I - Information Disclosure: Unwanted exposure of data
  • D - Denial of Service: Process of making a system unavailable to legitimate users
  • E - Elevation of Privilege: User with limited privileges gains access to restricted application
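The mapping of STRIDE categories to system elements and security attributes, worked through as an added example that is not part of the original slides. Element names come from the Level 4 architecture characteristics listed on slide 5; the "OTA backend" name, the flows between elements, the trust-boundary flags and the per-element-type chart (the commonly used STRIDE-per-element table) are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE category -> security attribute it violates (the usual pairing).
ATTRIBUTE = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-repudiation",
    "Information Disclosure": "Confidentiality",
    "Denial of Service": "Availability",
    "Elevation of Privilege": "Authorisation",
}
S, T, R, I, D, E = ATTRIBUTE  # category names, in STRIDE order

# Assumed STRIDE-per-element chart: categories that apply to each
# data-flow-diagram element type.
APPLIES = {
    "external": (S, R),
    "process": (S, T, R, I, D, E),
    "store": (T, R, I, D),
    "flow": (T, I, D),
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                       # one of the APPLIES keys
    crosses_boundary: bool = False  # flows only: leaves the in-vehicle trust boundary

# Constructed model: names from the Level 4 slide, topology assumed.
MODEL = [
    Element("Key fob / smartphone", "external"),
    Element("OTA backend", "external"),
    Element("ADAS domain (sensor fusion)", "process"),
    Element("HD map data", "store"),
    Element("Smartphone -> ADAS domain", "flow", crosses_boundary=True),
    Element("OTA download -> HD map data", "flow", crosses_boundary=True),
    Element("ADAS domain -> actuator (FlexRay)", "flow"),
]

def enumerate_threats(model, boundary_only=False):
    """Return (element, STRIDE category, violated attribute) rows for review."""
    rows = []
    for el in model:
        if boundary_only and not (el.kind == "flow" and el.crosses_boundary):
            continue
        rows += [(el.name, cat, ATTRIBUTE[cat]) for cat in APPLIES[el.kind]]
    return rows

if __name__ == "__main__":
    for name, cat, attr in enumerate_threats(MODEL):
        print(f"{name:36} {cat:24} violates {attr}")
```

Calling `enumerate_threats(MODEL, boundary_only=True)` narrows the list to flows that cross the vehicle boundary, which is where a design review would usually start.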

SLIDE 9

Threat Modelling

SLIDE 10

Reference: Who are the Hackers?

Actors: Hacktivists, Cyber Criminal, Disgruntled ex-employees, State Hackers, Script Kiddies, Spy Hackers

Motivations: Make Political Statements Financial gain, Cyber Warfare Revenge Espionage Fun and Fame, Avoid paying Corporate Espionage

  • Targets differ depending on the hackers/hacker groups involved. Therefore attacking techniques and equipment are also different.

SLIDE 11

Defining the Actors Environment

SLIDE 12

Representative Abuse Stories

| Case # | Actor | I Want | So That |
|---|---|---|---|
| 1 | Bitcoin Miner | Use ability of ECUs | Get more bitcoin |
| 2 | Academic Researcher/Cyber Criminal | Spoof the system | Get private information from vehicle |
| 3 | Service Provider | Patch the vehicle but ignore some of them | Have this customer back and get more money |
| 4 | Vehicle Owner | Block the entrance parking | Annoy my neighbours |
| 5 | Vehicle Owner | Cheat other cars into giving way | He can drive faster |
| 6 | Professional Hacker | Hack into the car | Ransom it to their owners |
| 7 | Competitor | Cause delays (jam) in some roads | Gain advantage/value |
| 8 | Criminal | Follow another vehicle | Do criminal activities |
| 9 | Criminal | Other CAV crash into my own | Get money |
| 10 | Criminal | Use Autonomous Car | Transport illicit goods |
| 11 | Terrorist | Use Autonomous Car | Damage traffic |
| 12 | Professional Hacker | Spoof signs | Change vehicle behaviour |
| 13 | OCA (Organise Crime Agent) | Data mining - sell products on web | Can get profit |
| 14 | OEM | Gather data to sell | Get money |
| 15 | Competitor | Develop new exciting products | Seize the market |
| 16 | Pranker | Direct traffic | Make giggles |
| 17 | OEM | Highlight deficiencies in system | Gain greater market sharing |
| 18 | Attacker/Terrorist | Remotely control cars | Commit a terrorist attack |
| 19 | Professional Hacker | Control the vehicle | Do the DDoS attack to others |

  • User stories are a method for capturing high-level system functional requirements. The user stories are generated by the system stakeholders.
  • User stories captured for malicious Actors can help in identifying potential system misuse or exploitation, at a high level.
  • User stories written for intended Actors can help in identifying the functions that need protecting and the required interactions between the intended Actors.

SLIDE 13

Defence In Depth

SLIDE 14

Defence in Depth

SLIDE 15

HumanDrive Consortium

http://humandrive.co.uk

Richard.Hillman@ts.catapult.org.uk